Cloning your website is just another level in fix wordpress malware cleanup that may be very useful. Cloning simply means that you've backed up your site to a completely different location, (offline, as in a folder, in order to not have SEO issues ) where you can access it at a moment's notice if necessary.
Protect your login credentials - Do not keep your login credentials where they might be found by a hacker. Store them off, and even offline. Roboform is very good for protecting them. Food for thought!
I don't think there is a person out there that after learning just how much of a problem WordPress hacking is that it's a good idea. However is that when it comes to securing their blogs, bloggers seem to be stuck in this state that is reactive.
Can you view that folder Imagine if you visit WP-Content/plugins? If so, upload this blank Index.html file into that folder as well so people can not view what plugins you have. Because even if your current version of WordPress is current, if you are using a plugin or an old plugin using a security hole, then someone can use that to get access.
But realize that online security is something that you really need to start thinking about. Do not only be the reactive type, consider steps to start protecting yourself. Don't let Joe the Hacker i thought about this make your life miserable and turn everything in creating come crashing down in a matter of seconds, that you've worked hard.